The invention relates generally to computer systems and more particularly, but not by way of limitation, to a technique for establishing a peer-to-peer (“P2P”) connection between two computers in the presence of network address translation (“NAT”). Establishing a P2P connection between two computers is useful for the implementation of various applications, including, for example, gaming, file sharing, and media (audio, video, etc.) conferencing. Although the system herein is described with reference to Internet Protocol (“IP”) networks, the invention is not so limited and could be used with other network types.
Large public networks, such as the Internet, frequently have connections to smaller private networks, such as those maintained by a corporation, Internet service provider, or even individual households. By their very nature, public networks must have a commonly agreed upon allocation of network addresses, i.e., public addresses. For a variety of reasons, some of which are discussed in more detail below, maintainers of private networks often choose to use private network addresses for the private networks that are not part of the commonly agreed upon allocation. Thus, for network traffic from the private network to be able to traverse the public network, some form of NAT is required.
As is known to those skilled in the art, the basic principle of NAT is that a private network, having a private addressing scheme, may be connected to a public network, having a standardized addressing scheme, e.g., the Internet through a network address translator. A network address translator (details of which are known to those skilled in the art) alters the data packets being sent out of the private network to comply with the addressing scheme of the public network. Particularly, the network address translator replaces the originating private address and port number of a packet with its own public address and an assigned port number. A network address translator also alters the data packets being received for computers on the private network to replace the destination public address and port number with the correct private address and port number of the intended recipient. As used herein, the term address should be construed to include both an address and a port number if appropriate in the context, as would be understood by one of ordinary skill in the art.
NAT has become increasingly common in modern network computing. One advantage of NAT is that it slows the depletion of public network address space. For example, TCP/IP addressing, which is used on the Internet, comprises four strings of three digits each, thus providing a finite address space. Additionally, certain portions of this address space are reserved for particular uses or users, further depleting the actual number of addresses available. However, if NAT is used, a private network or subnet may use an arbitrary number of addresses, and still present only a single, standardized public address to the outside world. This makes the number of available addresses practically limitless, because each private network could, theoretically, use exactly the same private addresses.
Another advantage provided by NAT is increased security. The increased security arises in part from the fact that those on the public network cannot determine the actual (i.e., private) network address of a computer on a private network. This is because only the public address is provided on the public network by the network address translator. Additionally, this public address may correspond to any number of computers on the private network. This feature also facilitates network address translators acting as firewalls, because data received by the network address translator that does not correspond to a request from a computer on the private network may be discarded.
While this security works well in conventional client-server computing, where connections to a “server” on the public network are initiated by a “client” on the private network, it poses problems for P2P connections. In many P2P applications, it is desirable to establish a connection directly between two computers (i.e., peers) that would be considered clients in a traditional sense, but that may act both as clients and as servers in the context of the P2P connection. Establishing a direct connection becomes increasingly difficult if one or both of the peers is located behind one or more levels of NAT.
Historically, there have been various techniques for establishing a P2P connection in the presence of NAT. These techniques include Relaying, Connection Reversal, UDP Hole Punching, UDP Port Number Prediction, and Simultaneous TCP Connection Initiation. Each of these techniques suffers from various deficiencies that render them undesirable for various applications. For example, Relaying increases network overhead and latency, which is undesirable for timing critical applications such as video conferencing or gaming. Connection Reversal will only work if only one of the peers is located behind a network address translator. UDP Hole Punching, as the name implies, works well only with UDP connections and is less successful using other transport layer protocols, such as TCP. UDP Port Number Prediction requires predictable behavior by the various components, and is also geared toward UDP connections. Simultaneous TCP Connection Initiation requires a degree of luck, both with regard to addressing and port assignment and connection timing, resulting in a fragility that renders it unsuitable for general application.
Thus, it would be beneficial to provide a means to permit computers each located behind one or more NAT layers to establish a direct, P2P connection in a way that is efficient, reliable, and requires minimal redesign of existing network infrastructure.